Abstract

The wide proliferation of security vulnerabilities today is a result of widespread Internet connectivity. An approach to application-specific security is therefore needed, one that lets computer users remediate vulnerabilities without relying on application vendors. The solution discussed in this paper monitors and changes an application's behavior by intercepting the system calls it requests.

 

Keywords: SMS, ASL

Introduction

Computer security, and intrusion by hackers in particular, is still a very hot issue. Newspapers report intrusions into presumably secure computers almost every day. This is not only a social but also a technical issue. Most hackers intrude because they want to reveal the secrets of others. Some of them hope to defeat the “anti-virus professionals”. Their social approach involves inducing trusted individuals to reveal secrets through bribery, blackmail or trickery. Technical means include exploiting vulnerabilities stemming from misconfiguration and from latent application and operating-system bugs.

 

Application security vulnerabilities pose a very serious technical problem. Some malicious developers add security vulnerabilities for future exploitation, which gives malicious hackers an opportunity. The little attention paid to security issues makes the problem more serious. Four lines of defense are therefore introduced. The first eliminates vulnerabilities through better development practices. The second monitors an application’s input. The third, which is the main topic of this article, detects and prevents exploitation by monitoring an application’s runtime behavior. The fourth looks for the residue of successful attacks by periodically examining file systems.

The approach is based on the system-call monitoring system (SMS). By intercepting system calls, SMS augments the kernel’s general-purpose security with application-specific functionality, thus allowing exploitation detection and damage prevention. SMS also does not require access to application source code. This empowers administrators to correct security vulnerabilities in existing applications even if they cannot modify the source code.
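
The following sketch illustrates the idea of layering application-specific rules over system calls; it is an added example, not code from the paper or from SMS itself. The FTP daemon, the trace lines, the rule format and the action names (allow, deny, alert) are all assumptions made for illustration, and the check runs over a recorded trace, whereas an interceptor would take the same decision before the call executes.

```python
import posixpath
import re
from fnmatch import fnmatchcase

# Constructed strace-style trace for a hypothetical FTP daemon (not real output).
TRACE = """\
open("/var/ftp/pub/readme.txt", O_RDONLY) = 3
open("/var/ftp/../../etc/passwd", O_WRONLY|O_APPEND) = 4
open("/etc/passwd", O_RDONLY) = 4
execve("/bin/ls", ["ls", "-l"]) = 0
execve("/bin/sh", ["sh", "-i"]) = 0
chmod("/var/ftp/upload/a.out", 0755) = 0
"""

# Hypothetical application-specific policy; the first matching rule wins.
# Fields: system call, path pattern, required substring in the other args, action.
POLICY = [
    ("execve", "/bin/ls", None, "allow"),
    ("execve", "*", None, "deny"),       # the daemon should start nothing else
    ("open", "/var/ftp/*", None, "allow"),
    ("open", "/etc/*", "O_WRONLY", "deny"),
    ("open", "/etc/*", "O_RDWR", "deny"),
    ("chmod", "*", None, "alert"),       # permitted, but reported
]

CALL = re.compile(r'^(\w+)\("([^"]*)"(?:,\s*(.*))?\)\s*=\s*(-?\d+)$')

def verdict(line):
    """Return allow, deny or alert for one traced call."""
    m = CALL.match(line.strip())
    if m is None:
        return "alert"                   # unparseable input is reported, not trusted
    name, rest = m.group(1), m.group(3) or ""
    # Collapse "../" so a rule on /var/ftp/* cannot be sidestepped lexically.
    # Symbolic links are not resolved here; a real monitor must handle those too.
    path = posixpath.normpath(m.group(2))
    for call, pattern, flag, action in POLICY:
        if call == name and fnmatchcase(path, pattern) and (flag is None or flag in rest):
            return action
    return "allow"                       # left to the kernel's own access checks

def monitor(trace):
    """Pair every non-empty trace line with its verdict."""
    return [(verdict(line), line) for line in trace.splitlines() if line.strip()]

if __name__ == "__main__":
    for action, line in monitor(TRACE):
        print(f"{action:5}  {line}")
```

The policy is data kept outside the monitored program, which is what lets an administrator tighten an application's behavior without touching its source code.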